The security industry is facing a disruptive collision - the intersection of easy access to cloud applications and the ubiquity of mobile devices brought to the workplace. For many in the industry, it feels like we are simultaneously losing control over applications, devices and networks, while at the same time battling an ever-advancing threat landscape.
Within this chaos, we must rethink how we protect our business' key assets and manage the technology, controls and processes we use to combat these threats. And make no mistake: the rate of change is only accelerating, making it tough to anticipate what's next.
There are bright spots right in front of us. New practices and tools are emerging to help us regain some control while supporting the rapidly evolving needs of the business. Refocusing security pros on complex problems and on implementation of active defenses combined with the power of automation, APIs and software defined security can help practitioners and vendors alike. But we can't go at this ad-hoc or wait on the sidelines.
That's why I'm excited that we're working with Rich Mogull, the straight-talking CEO and Lead Analyst at Securosis, a research and advisory firm "obsessed with improving the practice of information security." The result of this collaboration is a new, independent report: The Future of Security - Trends and Technologies Transforming Security. Download a copy here!
This isn't about Box alone. It's about driving change across our industry, for the benefit of our customers. Rich wrote the report openly online, solicited input directly from security experts and practitioners, and had it reviewed and approved by the Cloud Security Alliance. Rich's conclusions describe not only what our future should look like, but also the relevant activities we all - security practitioners, security vendors, and cloud providers alike - need to plan for today.
- Cloud and Mobile have driven a new model of technical utility and economics we need to adapt to.
- Six Trends will transform security: granular segregation of resources for resiliency, refocusing security pros on specialized tasks, incident response skills, software defined security, active defenses that raise the cost of carrying out attacks, and ability to bridge insights across security management tools.
- Security Practitioners must focus on Incident Response (Threat Response) to address advanced threats, assessment and penetration testing of service providers, and security architecture to develop internal and external controls.
- Cloud Providers must adopt Trust as a key component of the business model, push security into a front office priority, and increase all aspects of transparency from documentation of controls to detailed logs and feeds.
- Security Providers must adapt quickly to survive and provide rich APIs, comprehensive feeds and logs to integrate vendor's technologies into client's infrastructure.
This transformation must involve each of these groups together, working interdependently if we are to succeed. In this new environment, we at Box are thrilled to see these cloud providers, security vendors, and audit firms already supporting this transformation. We mean business.
How will you prepare for the future of security?
Take a look at this report and join the conversation by mentioning me @justinsomaini or using this hashtag: #infosecfuture